hello,
this is my configuration
wan public ip 2.2.2.2
lan router ip 192.168.1.254
lan router ip mikrotik 192.168.1.1
lan internal mikrotik 192.168.10.1
lan internal server 192.168.10.200
i need to forward port 22 from wan to lan internal server
the port forward is ok but all ssh request have source ip 192.168.10.1 . is possible preserve original public ip that request ssh (ex 3.3.3.3 to 192.168.10.200)
Thanks
Re: port forward lost source ip
Normally that is what happens.
Probably you have done both srcnat and dstnat for the packet? (maybe as part of experimenting)
You need to do only dstnat to get the behaviour you want there.
Probably you have done both srcnat and dstnat for the packet? (maybe as part of experimenting)
You need to do only dstnat to get the behaviour you want there.
Re: port forward lost source ip
Sounds like your masquerade rule is the cause.the port forward is ok but all ssh request have source ip 192.168.10.1 . is possible preserve original public ip that request ssh (ex 3.3.3.3 to 192.168.10.200)
You should only let the masquerade rule apply to traffic leaving your WAN interface.
For example:
Code: Select all
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WANRe: port forward lost source ip
ok thanksSounds like your masquerade rule is the cause.the port forward is ok but all ssh request have source ip 192.168.10.1 . is possible preserve original public ip that request ssh (ex 3.3.3.3 to 192.168.10.200)
You should only let the masquerade rule apply to traffic leaving your WAN interface.
For example:Code: Select all/ip firewall nat add action=masquerade chain=srcnat out-interface=WAN